Update to version 9.2.0357.
Changes:
- patch 9.2.0357: [security]: command injection via backticks in tag files
- patch 9.2.0356: Cannot apply 'scrolloff' context lines at end of file
- patch 9.2.0355: runtime(tar): missing path traversal checks in tar#Extract()
- patch 9.2.0354: filetype: not all Bitbake include files are recognized
- runtime(bitbake): support forward-slashes in bitbake varflags
- patch 9.2.0353: Missing out-of-memory check in register.c
- runtime(doc): Tweak documentation style in channel.txt
- patch 9.2.0352: 'winhighlight' of left window blends into right window
- patch 9.2.0351: repeat_string() can be improved
- runtime(zip): also block single leading slash and absolute paths in Extract
- patch 9.2.0350: Enabling modelines poses a risk
- patch 9.2.0349: cannot style non-current window separator
- patch 9.2.0348: potential buffer underrun when setting statusline like option
- CI: Separate out ASan tests
- patch 9.2.0347: Vim9: script-local variable not found
- patch 9.2.0346: Wrong cursor position when entering command line window
[39 lines not shown]
rust195: Add a package for rust 1.95.0.
Pkgsrc changes:
* Update version & checksums, and adapt to new libc crate included.
Upstream changes relative to 1.94.1:
Version 1.95 (2026-04-16)
==========================
Language
--------
- [Stabilize `if let` guards on match arms](https://github.com/rust-lang/rust/pull/141295)
- [`irrefutable_let_patterns` lint no longer lints on let chains](https://github.com/rust-lang/rust/pull/146832)
- [Support importing path-segment keywords with renaming](https://github.com/rust-lang/rust/pull/146972)
- [Stabilize inline assembly for PowerPC and PowerPC64]
[185 lines not shown]
py-json5: updated to 0.14.0
0.14.0 (2026-03-27) This is really just a dependency bump release.
No (non-test) code changes.
Upgraded to latest packages for dev dependencies
Silenced a couple of warnings from the latest pylint where it can't deal with both unreachable code and a bad return value.
tor: updated to 0.4.8.23
Changes in version 0.4.8.23 - 2026-03-25
This is a security release fixing major bugfixes that could possibly lead to
remote crashing relays. We strongly recommend upgrading as soon as possible.
  o Major bugfix (security, conflux):
    - Fix a memory compare using the wrong length. This could lead to a
      remote crash when using the conflux subsystem. TROVE-2026-004.
      Fixes bug 41232; bugfix on 0.4.8.1-alpha.
  o Minor bugfixes (security):
    - Fix a series of defense in depth security issues found across the
      codebase. Fixes bug 41228; bugfix on 0.3.5.1-alpha.
  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on March 25, 2026.
  o Minor features (geoip data):
[2 lines not shown]
py-python-multipart: updated to 0.0.26
0.0.26 (2026-04-10)
* Skip preamble before the first multipart boundary more efficiently
* Silently discard epilogue data after the closing multipart boundary
libfido2: updated to 1.17.0
1.17.0 (2026-04-15)
** Added CTAP 2.3 support.
** Restrict webauthn.dll search paths; YSA-2026-01.
** Support application-managed PIN/UV Auth tokens.
** Support 64-byte hmac-secret salts when using windows://hello.
** Fixed a U2F transaction handling bug when a timeout had been set.
** Fixed a bug where stdin was closed on fido_nl_new failure.
** fido2-token: new -G -t mode to retrieve a PPUAT.
** fido2-token: new -I -t mode for deciphering encrypted fields.
** fido2-cred -M: support the -t toggle argument
** Improved documentation and examples.
** Removed tools from SDK packaging on Windows.
** New API calls:
   - fido_cbor_info_attfmts_len;
   - fido_cbor_info_attfmts_ptr;
   - fido_cbor_info_cfgcmds_len;
   - fido_cbor_info_cfgcmds_ptr;
[27 lines not shown]
libgcrypt: updated to 1.12.2
Noteworthy changes in version 1.12.2 (2026-04-15)
* Bug fixes:
  - Fix possible ECDH buffer overwrite with zeroes.
  - Add a missing bounds check to the Dilithium context handling.
  - Add point validation when using the new KEM interface.
* Other:
  - Fix the dead-code of stronger_key_check for RSA.
adguardhome: updated to 0.107.74
0.107.74
Security
Frontend libraries have been updated to prevent the possibility of exploiting the vulnerability described in CVE-2026-40175.
Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.26.2.
Changed
Configuration changes
Fixed
Incorrect forwarding of root domain requests when domain-specific upstreams are configured
The strict SNI check setting is not persisted when the TLS configuration is changed
Status reported by the launchd service implementation in cases of scheduled service restart.
Fixed clients block/unblock when moving clients between allowed and disallowed lists.
opencl-headers: updated to 2025.07.22
2025.07.22
Synchronize with OpenCL v3.0.19 specification release.
This release includes several changes that may affect backward compatibility:
Introduction of the CL_ENABLE_BETA_EXTENSIONS to guard beta features or extensions that can be modified with backward incompatible changes. Previously unguarded extensions are now guarded.
Introduction of anonymous unions in the struct _cl_icd_dispatch structure. This may cause warnings or errors during static initialization.